PT-2016-4853 · Bmc · Bmc Bladelogic Server Automation

Olga Yanushkevich

Publicado

2016-06-13

Atualizado

2018-10-09

CVE-2016-1542

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions BMC BladeLogic Server Automation (BSA) versions 8.2.x through 8.7.x

Description The issue allows remote attackers to bypass authorization and enumerate users by sending an action packet to the xmlrpc endpoint after an authorization failure. This occurs due to a flaw in the RPC API in the RSCD agent on Linux and UNIX systems.

Recommendations For versions 8.2.x through 8.7.x, consider restricting access to the xmlrpc endpoint to minimize the risk of exploitation until a patch is available.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2016-1542

Produtos afetados

Bmc Bladelogic Server Automation

PT-2016-4853 · Bmc · Bmc Bladelogic Server Automation

CVE-2016-1542

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10